Mohammed Asif Siddiqui

IT GRC Manager
Dubai

Summary

A focused, capable, and articulate Cyber Security Manager, with 17+ yrs. of total experience and 12+ yrs. of UAE exposure, has a robust track record of ensuring that Cyber Security Assessments are conducted to the highest professional and regulatory standards. A consummate professional who is more than able to ensure that all business and IT risks are anticipated, identified, recognized, managed, and appropriately planned for. Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals.

The key strengths include but are not limited to, executing robust Cyber Security Plans, reviewing IT Strategies and managing larger-scale Cyber Security assignments. Right now, looking to take the next step in managing own Cyber Security/ Compliance team and a suitable position with a company that has a unique culture which encourages integrity, respect, excellence, and innovation where career can be developed.

Domain Exposure: Entertainment | Cinema | Leisure | Real Estate | Aviation | Healthcare | Banking | Broking | Printing | Retail | Automobiles | Hotels

Proven credentials: Cyber Security Frameworks, DevOps, Cloud Security, SOC/SIEM, IT Project Management, Internal/External Audits, SDLC, ISO 27001 & 20000, ITIL, ERP, Data Security/Protection, IDAM & GRC solutions.

Key Expertise: Cyber Security (SIEM, SOC, MSSP) | IT Risk Assessment & Management | Mobile App & Website (SDLC, DevOps) | Network & Cloud Security (WAF, AWS, Azure) | ERP Security (Oracle, SAP, Microsoft Dynamic) | Enterprise Security Products Implementation (DLP, Endpoint, IDAM, MFA, SSO, etc.) | Information Security Auditing (Systems, Networks, Applications & Databases) | ISMS & ITSM Implementation & Maintenance (27001/20000) | IT BCP/DR Implementations | IT Policies & Procedures Development & Implementation | Info Security Trainings (Internal & External) | Project Management (Agile and Waterfall) | CXO Relationship Management | Team Management | Certifications / Technical Trainings

Executive Profile: Proven credentials in – Cyber/ Information Security Frameworks, IT Audits, and Project Management. Broad hands-on/ knowledge of Network Security, Endpoint Security, EDR, Data Security, SIEM, DLP, SOAR, Deception, Threat Hunting and Cloud Security data encryption, and other industry-standard techniques and practices. Ability to conduct research into security issues and products as required. Knowledge of applicable practices and laws relating to data privacy and protection (GDPR).

Well versed in conducting and managing Vulnerability Assessment & Penetration Testing for systems, networks, applications & websites. Experience in IT Risk Assessment and Information Security auditing. Exceptional knowledge of InfoSec concepts, practices, and procedures. Strong understanding of the organization's goals and objectives. Skilled in the development & implementation of IT policy, procedure, and operating procedures. Ability to effectively prioritize and execute tasks in a high-pressure environment. Experience working in a team-oriented, collaborative environment. Possessing communication, interpersonal, problem solving, analytical and leadership capabilities. Ability to present ideas in business-friendly and user-friendly language.

Career Highlights: Cost savings of AED 10 million from numerous IT Licensing review exercise for IT Department. Won Sheikh Khalifa Government Excellence Program Award for Best Department (IT). Won Sheikh Khalifa Government Excellence Program Award for Best e-Services. Received GCC Best Portal Award 2011 (Kuwait). Ensured 100% result for GCAA Website as per GIA baselines in 2010 & 2011. Best IT Employee of the Quarter in 2010 (GCAA).

Overview

18 years of professional experience
9 years of post-secondary education
10 Certifications
1 Language

Work History

IT GRC Manager

Majid Al Futtaim – Entertainment
Dubai
08.2022 - Current

• Identifying, assessing, evaluating and reporting on Cyber Security risks in a manner that meets external and internal requirements, as well as supports forming a 360-degree view on enterprise cyber risks for MAF Entertainment
• Architects, designs, implements, and maintains information system security controls and safeguards pertaining to company IT assets and data
• Analyses trends, news and changes in threat and compliance environment with respect to organizational risks, advises IT senior management in developing and executing plans for compliance and mitigation of risks
• Define and implement appropriate KPIs to measure cybersecurity posture of the company
• Good understanding of managing internal and external audits (ISO & PCI) and assurance activities, including testing the design and operational effectiveness of security controls
• Comprehensive understanding of Cyber Security Frameworks (NIST, ISO 27001, GDPR, NESA, COBIT, PCI, etc.)
• Ability to review and coordinate changes to information security policies, procedures and standards
• In-depth knowledge and hands on in Security Domains: (Network Security, Endpoint Security, EDR, Data Security, SIEM, DLP, SOAR, Deception, Threat Hunting and Cloud Security, Audit & Compliance)
• Experience with Security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management
• Good Knowledge of SIEM solutions like LogRhythm, ArcSight, and IBM QRadar, SIEM Architecture and health checks
• Reviews and responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party responders
• Experience with IDAM industry standard methodologies and related solutions such as Active Directory, Azure AD, LDAP, SSO, MFA, etc
• Experience with PAM solutions such as SailPoint and CyberArk
• Strong understanding and experience with secure SDLC and DevOps and security automations
• Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organizational complexity
• Project Management: Sources and implements new fit-for-purpose security solutions based on changing threat landscape to effectively protect the organization
• Effectively communicate with other teams involved in projects during entire project lifecycle
• Play the role of subject matter expert and support vendor to implement various InfoSec/Digital projects within MAF Entertainment.
• Conducts internal security audits, IT risk assessments, and business impact assessments and identify strategic opportunities to adopt industry-leading information security and compliance standards
• Applied effective time management techniques to meet tight deadlines.
• Demonstrated a high level of initiative and creativity while tackling difficult tasks.
• Cultivated interpersonal skills by building positive relationships with others.
• Used strong analytical and problem-solving skills to develop effective solutions for challenging situations.
• Exercised leadership capabilities by successfully motivating and inspiring others.
• Participated in team projects, demonstrating an ability to work collaboratively and effectively.

Assistant Manager, IT GRC

EMAAR Group
Dubai
01.2019 - 07.2022
  • Key Profile: Responsible for monitoring key IT security controls and procedures and executing assessments across multiple IT & Information Security functions
  • In addition, executing strategies, recommending and assisting in completing process implementation & improvement efforts that will shape the future of information security for Emaar Group
  • Experience in IT risk management with strong understanding of cyber threats, vulnerabilities, probability and impact
  • Perform deep analysis across a full spectrum of IT and Data Security areas, including review of Application, Infrastructure, and Cloud Risks and controls (including Logical Access, Change Management, Vulnerability Management, and assisting with 3rd party risk assessments)
  • Assist and coordinate development/update of IT and Security Standard Operating Procedures (SOPs), contribute to governance and policy updates through assessment, research, and recommendations
  • Identify and bring together the appropriate resources, subject matter experts, and stakeholders to meet goals
  • Work directly with business units and other internal departments to facilitate cybersecurity risk analysis and management processes, identify acceptable levels of residual risk
  • Evaluate Confidentiality, Integrity and Availability of the IT Systems based on the criticality of Assets to the Business Operations
  • Provide support to data protection programs, including insider threat Management and Data Loss Prevention (DLP)
  • Reviews Access controls on Windows Servers, SUN Servers and Network systems through IDAM solution
  • Review high privileged user accounts (ex. Root, system, Administrator etc...), permissions, and access rights
  • Tracks and reports cyber security risk management trends, opportunities and remediations
  • Administered various IT audits such as ITGC, Data Centre review, Network Security, Oracle ERP review of Finance, & Procurement modules, IT Physical Controls, Mobile Apps, Sales Force (Sales & Service Clouds), Leasing System, Avaya & Cisco Telephony, 3CX, Tenfold, MDM Integration Audits, Cryptocurrency, GDPR, Payment Gateways, Yardi, Opera, Data Lake, etc
  • Plan and conduct vendor assessments across multiple IT systems
  • Perform Independent analysis of results of vendor assessments and testing to assess risks and provide appropriate recommendations for corrective actions
  • Knowledge of working with TeamMate, RSA Archer, and Power BI.

Assistant Manager, IT GRC

DAMAC Properties
Dubai
01.2016 - 01.2019
  • Key Profile: Responsible for monitoring key IT security controls and procedures and executing assessments across multiple IT & Information Security functions
  • In addition, executing strategies, recommending and assisting in completing process implementation & improvement efforts that will shape the future of information security for Damac Properties
  • Advised senior management by identifying critical security issues, recommending risk-reduction solutions
  • Partnered with Data Engineering team to research and experiment with emerging Data Quality Profiling technologies and tools associated to data quality, metadata, data governance
  • Defined Data Governance roles, accountability, and ownership and decision rights within organization
  • Promoted culture of data protection compliance across all units within the organization
  • Led the highly successful Security Information and Event Management pilot program for DAMAC using LogRhythm SIEM to monitor internal/external threats; assessed process/hardware risks, identified threat vectors, identified security policies, and approved rules for LogRhythm SIEM
  • Managed Cyber Security projects such as Cyber Security Framework creation, Run book development for threat response, Incident response on Cyber Attack, SOP preparation for Cyber Attack
  • Reviewed & Evaluated Managed Security Solution Provider (MSSP) partners for DAMAC
  • Extensive knowledge and hands on experience on Cyberoam UTM, Trend Micro Office Scan Suite, Cisco Firewall ASA, SIEM, Forcepoint DLP, etc.

Senior Information Security Consultant

Galadari Brother Co. L.L.C
Dubai
03.2013 - 12.2015
  • Direct Report)
  • Key Profile: Responsible for maintaining the security of all systems, networks, and applications using Microsoft and other products
  • Develop, implement and monitor security measures for the protection of IT systems, networks, and information
  • Perform security risk assessments and develop strategies to reduce IT security risks
  • Design and implement Information Security risk management processes including conducting periodic security assessments/inspections/audits of facilities and provide reports, recommendations and action plans on ways to improve and diminish any security threats the company may face in line with internal applicable policies and procedures
  • Analyze company requirements to ensure cyber security solution meets objectives by combining industry best practices, product knowledge, and business acumen
  • Act as a high-level technical expert, providing knowledge and analysis of Cyber Security software applications and operational environments
  • Track, analyze, and contain spam and malware emails through advanced hunting
  • Research, analyze and evaluate current technical cybersecurity trends, emerging technologies and standards, new software functionality, and alternative software solutions to determine applicability and viability
  • Configure & monitor different attributes and handling scale up and scale down scenarios for the application on Cloud
  • Knowledge of network protocols and services (e.g., OSI model, IP networking, TCP/UDP familiarity, HTTP, SMTP)
  • Experience of other commercial and open-source security tools (e.g., Firewalls, IPS, anti-malware).

Information Security Consultant

Paladion Networks Pvt. Ltd
Abu Dhabi
03.2010 - 03.2013
  • Key Profile: Responsible for maintaining the security of all systems, networks, and applications using Microsoft and other products
  • Develop, implement and monitor security measures for the protection of IT systems, networks, and information
  • Perform security risk assessments and develop strategies to reduce IT security risks
  • Interacting and partnering with Security Operations Center (SOC) team members as an escalation resource expert for incident response activities
  • Correlate and analyze events using the ArcSight SIEM tool to detect IT security incidents
  • Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources
  • Conduct analysis of log files, including forensic analysis of system resource access
  • Respond to inbound requests via phone and other electronic means for technical assistance with managed services
  • Respond in a timely manner (within documented SLA) to support, threat, and other cases
  • Managed compliance requirements for ISO 20000 & ISO 27001 as per internal & external IT audit requirements
  • Managed & Implemented HP Service Manager (Helpdesk Solution), to fit the environment including solution administration, reporting, querying etc., at one of the clients of Paladion (GCAA)

Assistant Manager Risk Advisory Services (InfoSec)

BDO Consulting Pvt. Ltd
Mumbai
12.2007 - 03.2010
  • Key Profile: Internal Audits; Information Security Audits; Compliance reviews; Third Party Information Security Audits; Application Audits; Vulnerability Assessment & Penetration Testing
  • Conducted InfoSec audits as per ISO 27001:2005 and Internal Audits based on Cobit & ITGC
  • Executed application audits for clients in the Banking, Broking, Healthcare, IT & ITeS industries
  • Conducted IS awareness workshops & seminars and post implementation review for ERP Systems
  • Played Pivotal role in the CERT-In Qualification for BDO Consulting Pvt. Ltd
  • Successfully developed many IT processes for a Healthcare Client.

Pre-Sales Consultant / Technical Executive

Zenith Infotech Ltd, Zenith SAAZ
Mumbai
06.2006 - 12.2007
  • Solution Installation & Maintenance; Network Devices Maintenance; Desktop Management through Proprietary Solution; Patch, Antivirus, Spywares & Asset Management; Troubleshooting & Remote Support.

System Administrator

Allied Digital Systems
Mumbai
06.2005 - 05.2006
  • Project Execution (Active Directory and Exchange 2003), NT Backup Management; Server Installation; Antivirus Management; DHCP & DNS Management; Project Management
  • Managed active directory domains and TCP/IP, DHCP, DNS, Terminal Services & IIS, and FTP
  • Managed NT Backup, performance monitoring & tuning, automation scripts & task scheduling activities
  • Managed Server Resource with the help of disk quotas & user permissions on Files & Printers
  • Managed Network Configuration (Internet & LAN) and Proxy Configuration
  • Played Pivotal role in the successful migration of Active Directory from NT to Exchange 2003
  • Successfully implemented Exchange 2003 and Asset management Solution (Zenith SAAZ)

Education

M.Tech - Information Technology

William Carey University
India
06.2007 - 04.2010

MBA - Information Technology

Sikkim Manipal University
India
06.2005 - 05.2008

BBA - Finance

Mumbai University
India
06.2002 - 06.2005

Skills

IT Security Architecture/ Planning

Certification

CISSP

Quote

There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins

Timeline

IT GRC Manager

Majid Al Futtaim – Entertainment
08.2022 - Current

CISSP

02-2022

CISM

11-2020

CDPSE

11-2020

Assistant Manager, IT GRC

EMAAR Group
01.2019 - 07.2022

CEH

04-2018

Assistant Manager, IT GRC

DAMAC Properties
01.2016 - 01.2019

ITIL

05-2014

Senior Information Security Consultant

Galadari Brother Co. L.L.C
03.2013 - 12.2015

ISO 27001

12-2012

ISO 20000

12-2012

CISA

06-2010

Information Security Consultant

Paladion Networks Pvt. Ltd
03.2010 - 03.2013

CCNA

05-2008

Assistant Manager Risk Advisory Services (InfoSec)

BDO Consulting Pvt. Ltd
12.2007 - 03.2010

M.Tech - Information Technology

William Carey University
06.2007 - 04.2010

Pre-Sales Consultant / Technical Executive

Zenith Infotech Ltd, Zenith SAAZ
06.2006 - 12.2007

MBA - Information Technology

Sikkim Manipal University
06.2005 - 05.2008

System Administrator

Allied Digital Systems
06.2005 - 05.2006

MCP

02-2005

BBA - Finance

Mumbai University
06.2002 - 06.2005